407030
Description
Mind Map by Craig Parker, updated more than 1 year ago
|
Created by Craig Parker
almost 11 years ago
|
|
U4. Harrison–Ruzzo–Ullman
- BLP - no policies for changing access rights or
creation and deletion of subjects and objects
- HRU addresses these issues
- Not an alternative to BLP, it
captures a different set of Policies
- Not an alternative to BLP, it
captures a different set of Policies
- HRU addresses these issues
- HRU defines six primitive operations for manipulating
subjects, objects and the access matrix
- enter access right into Matrix
- delete access right from Matrix
- create subject s
- delete subject s
- create object o
- delete object o
- Using these primitive operations, you can
build up more complex commands to allow a
variety of functions to be carried out
- enter access right into Matrix
- Access rights
- Read, Write, Own
- Owners can manipulate their objects
- Owners can manipulate their objects
- access matrix describes the state of the system
- commands effect changes in the access
- HRU can model policies for
allocating access rights
- Read, Write, Own
- Leakage and Safety
- Leakage
- An access matrix M is said to leak the right a if there
exists a command c that adds a into a position of the
access matrix that previously did not contain a.
- An access matrix M is said to leak the right a if there
exists a command c that adds a into a position of the
access matrix that previously did not contain a.
- Safety
- An access matrix M is said to be safe with
respect to the right a if no sequence of commands
can transform M into a state that leaks a.
- Difficult to decide if the model is safe
- This introduces the concept of Decidability
- A problem is called undecidable if there is no
algorithm that can guarantee to provide a
solution to every instance of the problem
- No algorithm can possibly exist to
solve every instance of the problem
- Decidability relates to every
instance of the problem.
- The more expressive the security model,
the more difficult it is to verify security
- Linked to the 3rd Fundamental design
decision - Complexity or Assurance
- Linked to the 3rd Fundamental design
decision - Complexity or Assurance
- No algorithm can possibly exist to
solve every instance of the problem
- A problem is called undecidable if there is no
algorithm that can guarantee to provide a
solution to every instance of the problem
- This introduces the concept of Decidability
- An access matrix M is said to be safe with
respect to the right a if no sequence of commands
can transform M into a state that leaks a.
- the Concepts of 'leakage' and 'safety'
are specifically concerned with
whether existing rights can be used to
add unsafe access rights to the matrix
- To verify compliance
with policy
- check that no undesirable
access rights can be granted
- check that no undesirable
access rights can be granted
- Leakage
Want to create your own Mind Maps for free with GoConqr? Learn more.